Siemens Scalance_sc632-2c_firmware
11 CVEs affecting Siemens Scalance_sc632-2c_firmware. Latest disclosed: 2022-12-13. Critical: 1, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-36323 | Critical | 9.1 | 2022-08-10 | Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or s… |
| CVE-2021-25667 | High | 8.8 | 2021-03-15 | A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All… |
| CVE-2022-30065 | High | 7.8 | 2022-05-18 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar fun… |
| CVE-2018-25032 | High | 7.5 | 2022-03-25 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. |
| CVE-2021-41991 | High | 7.5 | 2021-10-18 | The in-memory certificate cache in strongSwan before 5.9.4 has a remote integer overflow upon receiving many requests with different certificates to fill the c… |
| CVE-2022-36325 | Medium | 6.8 | 2022-08-10 | Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with a… |
| CVE-2022-46140 | Medium | 6.5 | 2022-12-13 | Affected devices use a weak encryption scheme to encrypt the debug zip file. This could allow an authenticated attacker to decrypt the contents of the file and… |
| CVE-2022-32206 | Medium | 6.5 | 2022-07-07 | curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different alg… |
| CVE-2022-46142 | Medium | 5.7 | 2022-12-13 | Affected devices store the CLI user passwords encrypted in flash memory. Attackers with physical access to the device could retrieve the file and decrypt the C… |
| CVE-2022-32205 | Medium | 4.3 | 2022-07-07 | A malicious server can serve excessive amounts of `Set-Cookie:` headers in an HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large a… |
| CVE-2022-46143 | Low | 2.7 | 2022-12-13 | Affected devices do not check the TFTP blocksize correctly. This could allow an authenticated attacker to read from an uninitialized buffer that potentially co… |